Date: Sat, 6 Jan 2001 15:46:58 -0500 From: Dug Song <dugsong@monkey.org> To: Robert Watson <rwatson@FreeBSD.ORG> Cc: security@freebsd.org, questions@freebsd.org Subject: Re: Antisniffer measures (digest of posts) Message-ID: <20010106154658.Y898@naughty.monkey.org> In-Reply-To: <Pine.NEB.3.96L.1010106133125.17685E-100000@fledge.watson.org>; from rwatson@FreeBSD.ORG on Sat, Jan 06, 2001 at 01:41:54PM -0500 References: <3A56ABF8.90C9F0D8@softweyr.com> <Pine.NEB.3.96L.1010106133125.17685E-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Jan 06, 2001 at 01:41:54PM -0500, Robert Watson wrote: > However, the lack of a well-defined name->key binding mechanism > presents a number of problems that must be resolved. I know of > ongoing work to integrate DNSsec and OpenSSH at NAI Labs and (I > believe) ISI. see http://www.cs.jhu.edu/~smang/sshproject.html > End-to-end encryption is probably the answer to the problems seen by this > user -- however, FreeBSD has relatively poor IPsec integration due to lack > of IKE in the base system, making configuration and management of IPsec > somewhat of a nightmare. monkey-in-the-middle attacks are certainly possible against IPsec's IKE as well, especially with the fervent push toward opportunistic encryption (resulting in "opportunistic" exploits :-) -d. p.s. thank you for the nice summary, Robert. this is a busy list! --- http://www.monkey.org/~dugsong/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010106154658.Y898>